Your .NET solution must be compiled if you want to use the following plugins:
If your solution is not compiled (or if you do not want to use some of the external tools for your analysis), you can deactivate the external tools by adding the following properties to your configuration file:
- As you've already read in the requirements, your solution must be compiled before running a SonarQubeanalysis. However, please note that SonarQube's primary goal is to analyse source code, so everything has been made to work seamlessly right after the compilation of a solution and before any packaging made by a build process. In other words, if you have build processes that move the compiled DLL or executables and package your application, it is definitely best to run SonarQube before those steps (or in a separate process) otherwise you may run into troubles with over-complicated configuration of the C# plugins.
- It is best to run the analysis from within the folder that contains the SLN file, in order to simplify the configuration of the C# plugins (e.g.: in such case, you do not need to tell where to find the SLN file).
Running an Analysis with the SonarQube Runner (Recommended Way)
Create a sonar-project.propeties file and place it in the same folder as the Solution file (.sln).
Here is the simplest sonar-project.properties file that you can write to be able to run an analysis on your project:
Run the following command from your Solution folder:
Running a SonarQube Analysis with Maven
If you are familiar with Maven, you can also use the maven-dotnet-plugin in order to compile and package .Net projects. If you already use a CI tool such as Jenkins on Java Maven projects, you can use the maven-dotnet-plugin to handle .Net projects the same way
The POM file
Simplest "pom.xml" file for Maven
Above, a very simple pom.xml file that can be used instead of the sonar-project.properties of the SonarQube Runner. If you want to use maven compile and run the tests of your visual studio solution, you also need to declare the maven-dotnet-plugin. Please take a look at the examples provided on the maven-dotnet-plugin site.
The settings file
You need to configure somewhere the location of the external tools used by SonarQubesuch as FxCop, Gendarme or StyleCop. The C# plugins options pages describes the properties needed in the settings.xml. Below an xml fragment describing a maven profile you could add in your settings.xml file :
You can also use property keys used by the maven dotnet plugin. Feel free to take a look at the examples on the maven dotnet plugins.
Run the analysis
Paths and File Patterns
Each time you need to define the location of a file or a set of files, use '/' instead of '\' (even if that looks weird on a Windows box)
If you need to specify a path, this path may be absolute or relative. Relative paths may start from the location of the sln file or the csproj files, depending of the property specified. Relative paths may use "../" to climb in the folder hierarchy.
When several files need to be specified, for example for properties such as
sonar.dotnet.assemblies, Ant style wildcard patterns can be used.
* means any file or any directory.
** means any directory and subdirectory:
Above pattern will select any dll files prefixed by
Foo anywhere in a project.
You can combine an absolute path prefix with wildcards:
This will select any dll files in any subfolder of the lib folder of the drive T.
If you need to reference assembly files outside your solution folder, you can use absolute paths or
../. For example:
Above pattern can be used to specify all the dll files of a lib folder located at the same level as the root folder of your visual studio solution.
As of version 1.4, $(SolutionDir) is not the only special expression that can be used in file patterns. Below the exhaustive list of supported expressions:
|$(SolutionDir)||Root directory of the solution, this is the directory where the sln file is located|
|$(ProjectName)||Name of the currently analysed project of the solution.|
|$(AssemblyName)||Name of the assembly generated by the currently analysed solution. Works only for non asp projects.|
|$(AssemblyVersion)||Version of the assembly generated by the currently analysed solution.|
|$(OutputType)||Type of the generated assembly. Can be "dll" or "exe"|
|$(RootNamespace)||Root namespace of the currently analysed project.|
So if the solution you need to analyze use a "post compilation" msbuild/nant task that copies the generated assemblies somewhere into a "BUILD" directory, you can set the
sonar.dotnet.assemblies property with this pattern:
Tools such as Gendarme and FxCop will be executed once for each project of the solution. For each project, the expressions "AssemblyName" and "OutputType" will be evaluated in order to locate the project assembly.